[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, sys-libs/glibc/files/2.19/

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, sys-libs/glibc/files/2.19/

[Benda XU]

commit:     19ab6715d42b41ddcb51a3395016e090f03943e9
Author:     Benda Xu <heroxbd <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 13:26:27 2019 +0000
Commit:     Benda XU <heroxbd <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 13:26:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19ab6715

sys-libs/glibc: add kernel 2.6.16 compatibility patch.

  This is only for Prefix on deprecated systems.  On thoses
  systems, vulnerable kernels are usually used.

  Hardened no longer makes sense, remove.

  Remove versionator, as it is not used.

Package-Manager: Portage-2.3.73, Repoman-2.3.17
Signed-off-by: Benda Xu <heroxbd <AT> gentoo.org>

 .../glibc-2.19-hardened-configure-picdefault.patch | 30 --------
 .../2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch  | 32 --------
 .../2.19/glibc-2.19-kernel-2.6.16-compat.patch     | 85 ++++++++++++++++++++++
 sys-libs/glibc/glibc-2.19-r2.ebuild                | 40 +---------
 4 files changed, 89 insertions(+), 98 deletions(-)

diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
deleted file mode 100644
index 341d8c5028e..00000000000
--- a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Prevent default-fPIE from confusing configure into thinking
-PIC code is default.  This causes glibc to build both PIC and
-non-PIC code as normal, which on the hardened compiler generates
-PIC and PIE.
-
-Patch by Kevin F. Quinn <kevquinn@gentoo.org>
-Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu>
-
---- configure.ac
-+++ configure.ac
-@@ -2145,7 +2145,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
-   libc_cv_pic_default=no
- fi
- rm -f conftest.*])
---- configure
-+++ configure
-@@ -7698,7 +7698,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
-   libc_cv_pic_default=no
- fi
- rm -f conftest.*

diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
deleted file mode 100644
index 72a616a046a..00000000000
--- a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-https://bugs.gentoo.org/503838
-http://gcc.gnu.org/PR60465
-https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html
-https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html
-
-newer versions of gcc generate relocations in the elf_get_dynamic_info func
-which glibc relies on to populate some info structs.  those structs are then
-used by ldso to process relocations in itself.  glibc requires that there are
-no relocations until that point (*after* elf_get_dynamic_info), so we end up
-crashing during elf_get_dynamic_info because the relocation has not yet been
-processed.
-
-this hack shuffles the code in a way that tricks gcc into not generating the
-relocation.  we need to figure out something better for upstream.
-
---- a/elf/get-dynamic-info.h
-+++ b/elf/get-dynamic-info.h
-@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
- 	info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
- 	     + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn;
-       else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
--	info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
--	     + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn;
-+	{
-+	  d_tag_utype i =
-+	      DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
-+	      + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM;
-+	  info[i] = dyn;
-+	}
-       ++dyn;
-     }
- 

diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch
new file mode 100644
index 00000000000..bf75f80cb7c
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-compat.patch
@@ -0,0 +1,85 @@
+Remove newer symbols that does not work on linux-2.6.16.
+
+This is only for Prefix standalone.
+
+Index: glibc-2.19/io/sys/stat.h
+===================================================================
+--- glibc-2.19.orig/io/sys/stat.h
++++ glibc-2.19/io/sys/stat.h
+@@ -361,10 +361,6 @@ extern int mkfifoat (int __fd, const cha
+ #ifdef __USE_ATFILE
+ /* Set file access and modification times relative to directory file
+    descriptor.  */
+-extern int utimensat (int __fd, const char *__path,
+-		      const struct timespec __times[2],
+-		      int __flags)
+-     __THROW __nonnull ((2));
+ #endif
+ 
+ #ifdef __USE_XOPEN2K8
+Index: glibc-2.19/posix/unistd.h
+===================================================================
+--- glibc-2.19.orig/posix/unistd.h
++++ glibc-2.19/posix/unistd.h
+@@ -419,7 +419,6 @@ extern int pipe (int __pipedes[2]) __THR
+ #ifdef __USE_GNU
+ /* Same as pipe but apply flags passed in FLAGS to the new file
+    descriptors.  */
+-extern int pipe2 (int __pipedes[2], int __flags) __THROW __wur;
+ #endif
+ 
+ /* Schedule an alarm.  In SECONDS seconds, the process will get a SIGALRM.
+Index: glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/x86/bits/epoll.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/x86/bits/epoll.h
+@@ -19,11 +19,5 @@
+ # error "Never use <bits/epoll.h> directly; include <sys/epoll.h> instead."
+ #endif
+ 
+-/* Flags to be passed to epoll_create1.  */
+-enum
+-  {
+-    EPOLL_CLOEXEC = 02000000
+-#define EPOLL_CLOEXEC EPOLL_CLOEXEC
+-  };
+ 
+ #define __EPOLL_PACKED __attribute__ ((__packed__))
+Index: glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/bits/fcntl-linux.h
+@@ -187,8 +187,6 @@
+ # define F_GETPIPE_SZ	1032	/* Set pipe page size array.  */
+ #endif
+ #ifdef __USE_XOPEN2K8
+-# define F_DUPFD_CLOEXEC 1030	/* Duplicate file descriptor with
+-				   close-on-exit set.  */
+ #endif
+ 
+ /* For F_[GET|SET]FD.  */
+Index: glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/sys/epoll.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/sys/epoll.h
+@@ -101,7 +101,6 @@ extern int epoll_create (int __size) __T
+ 
+ /* Same as epoll_create but with an FLAGS parameter.  The unused SIZE
+    parameter has been dropped.  */
+-extern int epoll_create1 (int __flags) __THROW;
+ 
+ 
+ /* Manipulate an epoll instance "epfd". Returns 0 in case of success,
+Index: glibc-2.19/time/sys/time.h
+===================================================================
+--- glibc-2.19.orig/time/sys/time.h
++++ glibc-2.19/time/sys/time.h
+@@ -140,8 +140,6 @@ extern int utimes (const char *__file, c
+ 
+ #ifdef __USE_BSD
+ /* Same as `utimes', but does not follow symbolic links.  */
+-extern int lutimes (const char *__file, const struct timeval __tvp[2])
+-     __THROW __nonnull ((1));
+ 
+ /* Same as `utimes', but takes an open file descriptor instead of a name.  */
+ extern int futimes (int __fd, const struct timeval __tvp[2]) __THROW;

diff --git a/sys-libs/glibc/glibc-2.19-r2.ebuild b/sys-libs/glibc/glibc-2.19-r2.ebuild
index 58038d81dd6..a0b75a595e9 100644
--- a/sys-libs/glibc/glibc-2.19-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.19-r2.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=6
 
-inherit prefix eutils versionator toolchain-funcs flag-o-matic gnuconfig usr-ldscript \
+inherit prefix eutils toolchain-funcs flag-o-matic gnuconfig usr-ldscript \
 	multilib systemd multiprocessing
 
 DESCRIPTION="GNU libc C library"
@@ -32,7 +32,7 @@ PATCH_VER=9
 SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2"
 SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )"
 
-IUSE="audit caps compile-locales debug doc gd hardened headers-only multilib nscd profile selinux suid systemtap vanilla"
+IUSE="audit caps compile-locales debug doc gd headers-only multilib nscd profile selinux suid systemtap vanilla"
 
 # Minimum kernel version that glibc requires
 # hppa requires 2.6.20
@@ -368,21 +368,6 @@ setup_flags() {
 
 	filter-flags '-fstack-protector*'
 	append-flags '-fno-stack-protector'
-
-	# Starting with gcc-6 (and fully upstreamed pie patches) we control
-	# default enabled/disabled pie via use flags. So nothing to do
-	# here then. #618160
-	if [[ $(gcc-major-version) -lt 6 ]]; then
-		if use hardened && tc-enables-pie ; then
-			# Force PIC macro definition for all compilations since they're all
-			# either -fPIC or -fPIE with the default-PIE compiler.
-			append-cppflags -DPIC
-		else
-			# Don't build -fPIE without the default-PIE compiler and the
-			# hardened-pie patch
-			filter-flags -fPIE
-		fi
-	fi
 }
 
 want_tls() {
@@ -757,6 +742,8 @@ src_prepare() {
 
 	gnuconfig_update
 
+	eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-compat.patch
+
 	cd "${WORKDIR}"
 	find . -name configure -exec touch {} +
 
@@ -764,25 +751,6 @@ src_prepare() {
 
 	# Fix permissions on some of the scripts.
 	chmod u+x "${S}"/scripts/*.sh
-
-	cd "${S}"
-
-	if use hardened ; then
-		# We don't enable these for non-hardened as the output is very terse --
-		# it only states that a crash happened.  The default upstream behavior
-		# includes backtraces and symbols.
-		einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
-		cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
-		cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die
-
-		if use debug ; then
-			# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
-			sed -i \
-				-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-				-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-				debug/Makefile || die
-		fi
-	fi
 }
 
 glibc_do_configure() {

[gentoo-commits] repo/gentoo:master commit in: sys-libs/glibc/, sys-libs/glibc/files/2.19/

[Benda XU]

commit:     0b8021731a66814473118c2cff1bb7dcf38ad5d4
Author:     Benda Xu <heroxbd <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 22 09:35:40 2019 +0000
Commit:     Benda XU <heroxbd <AT> gentoo <DOT> org>
CommitDate: Sun Dec 22 13:56:37 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b802173

sys-libs/glibc: 2.19: remove pipe2 symbol from libc.so.

Package-Manager: Portage-2.3.79, Repoman-2.3.18
Signed-off-by: Benda Xu <heroxbd <AT> gentoo.org>

 .../files/2.19/glibc-2.19-kernel-2.6.16-hide-pipe2.patch | 16 ++++++++++++++++
 sys-libs/glibc/glibc-2.19-r2.ebuild                      |  1 +
 2 files changed, 17 insertions(+)

diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-hide-pipe2.patch b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-hide-pipe2.patch
new file mode 100644
index 00000000000..2b9ccceced2
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-kernel-2.6.16-hide-pipe2.patch
@@ -0,0 +1,16 @@
+Remove the pipe2 symbol from libc.so, otherwise meson will pick it up.
+
+This is a balance.  We decide not to strip all the O_CLOEXEC, otherwise
+gtk+ will need to be patched.
+Index: glibc-2.19/sysdeps/unix/make-syscalls.sh
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/make-syscalls.sh
++++ glibc-2.19/sysdeps/unix/make-syscalls.sh
+@@ -131,6 +131,7 @@ emit_weak_aliases()
+ 	echo "	 echo 'libc_hidden_def ($name)'; \\"
+ 	;;
+       *)
++	[ $name = pipe2 ] && continue
+ 	echo "	 echo 'weak_alias ($strong, $name)'; \\"
+ 	echo "	 echo 'libc_hidden_weak ($name)'; \\"
+ 	;;

diff --git a/sys-libs/glibc/glibc-2.19-r2.ebuild b/sys-libs/glibc/glibc-2.19-r2.ebuild
index 2ba5fba1eef..b30a924271c 100644
--- a/sys-libs/glibc/glibc-2.19-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.19-r2.ebuild
@@ -717,6 +717,7 @@ src_prepare() {
 	gnuconfig_update
 
 	eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-compat.patch
+	eapply "${FILESDIR}"/2.19/glibc-2.19-kernel-2.6.16-hide-pipe2.patch
 
 	cd "${WORKDIR}"
 	find . -name configure -exec touch {} +